I know that it is possible to setup permission at the Model or Action level using Permission::check or canEdit/canAdd/canDelete
However, is it possible to setup database field level permission? So that fields are excluded from editing for front-end editing. Even 'hackers' tried to post the extra fields, it will be ignored. For example, if you got paid subscription model, you don't want the front end user to edit the Status field of the subscription.
In the Yii framework, you can specify which fields are 'safe' or not. Is it possible to have the feature in SS ?
Currently, I have to use a form validator to check current member's group to find out if he is allowed to do that or not.
thanks!